Ccna1 Rs Summary
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
CCNA Routing and Switching:
Introduction to Networks
Course Description
CCNA Routing and Switching teaches comprehensive networking concepts, from network applications to the protocols and services provided to those applications by the lower layers of the network. Students will progress from basic networking to more complex enterprise and theoretical networking models later in the curriculum.
There are four courses in the recommended sequence:
Introduction to Networks
Routing and Switching Essentials
Scaling Networks
Connecting Networks
In each course, Networking Academy students will learn technology concepts with the support of interactive media and apply and practice this knowledge through a series of hands-on and simulated activities that reinforce their learning.
Networking Today
Networks in Our Past and Daily Lives
Interconnecting Our Lives
Networking Impacts in Our Daily Lives
Networks support the way we learn.
Networks support the way we communicate.
Networks support the way we work.
Networks support the way we play.
LANs, WANs, and Internets
Components of a Network
There are three categories of network components:
Devices
Media
Services
Components of Network
The components of a network
The path that a message takes from source to destination can be as simple as a single cable connecting one computer to another or as complex as a network that literally spans the globe.
Network components are built up of hardware and software:
– Devices and media are the physical elements, or hardware, of the network.
– Services and processes are the communication programs, called software, that run on the networked devices.
What are the end devices and their role in the network?
The network devices that people are most familiar with are called end devices. These devices form the interface between the human network and the underlying communication network. Some examples of end devices are:
Computers (work stations, laptops, file servers, web servers)
Network printers
VoIP phones
Security cameras
Mobile handheld devices (such as wireless barcode scanners, PDAs)
Servers are hosts that have software installed that enables them to provide information and services, like e-mail or web pages, to other hosts on the network.
Clients are hosts that have software installed that enables them to request and display the information obtained from the server.
Components of Network
Network Structure
– End devices form the interface with the human network and the communications network
– Role of end devices:
• client
• server
• both client and server
Network Structure
What is the role of an intermediary device in a data network?
Networks rely on intermediary devices to provide connectivity and to work behind the scenes to ensure that data flows across the network.
These devices connect the individual hosts to the network and can connect multiple individual networks to form an internetwork.
Examples of intermediary network devices are:
Network Access Devices (Hubs, switches, and wireless access points)
Internetworking Devices (routers)
Communication Servers and Modems
Security Devices (firewalls)
Network Structure
Role of an intermediary device
• provides connectivity and ensures data flows across the network
LANs and WANs
Types of Networks
The two most common types of network infrastructures are:
Local Area Network (LAN)
Wide Area Network (WAN).
Other types of networks include:
Metropolitan Area Network (MAN)
Wireless LAN (WLAN)
Storage Area Network (SAN)
Network Types
The Local Area Networks (LANs)
A network serving a home, building or campus is considered a Local Area Network (LAN).
LANs separated by geographic distance are connected by networks known as WANs.
Network Types
Define the Internet
The internet is defined as a global mesh of interconnected networks.
LANs, WANs, and the Internet
Intranet and Extranet
Connecting to the Internet
Connecting Remote Users to the Internet
Components of a Network
Network Media
Copper Cabling
Copper Media
Shielded Twisted Pair (STP) Cable
Unshielded Twisted Pair (UTP) Cable
Coaxial Cable
Copper Cabling
UTP Cable
Copper Cabling
STP Cable
Foil Shields
Braided or Foil Shield
Copper Cabling
Coaxial Cable
Copper Cabling
Copper Media Safety
UTP Cabling
Properties of UTP Cabling
UTP cable does not use shielding to counter the effects of EMI and RFI. Instead, cable designers have discovered that they can limit the negative effect of crosstalk by:
Cancellation
Varying the number of twists per wire pair
UTP Cabling
UTP Cabling Standards
UTP Cabling
UTP Connectors
UTP Cabling
Types of UTP Cable
UTP Cabling
Testing UTP Cables
After installation, a UTP cable tester should be used to test for the following parameters:
Wire map
Cable length
Signal loss due to attenuation
Crosstalk
Fiber Optic Cabling
Properties of Fiber Optic Cabling
Fiber-optic cabling is now being used in four types of industry:
Enterprise Networks
Fiber-to-the-home (FTTH) and Access Networks
Long-Haul Networks
Submarine Networks
Fiber Optic Cabling
Fiber Media Cable Design
Fiber Optic Cabling
Types of Fiber Media
Fiber Optic Cabling
Network Fiber Connectors
Fiber Optic Cabling
Testing Fiber Cables
Fiber Optic Cabling
Fiber versus Copper
Implementation Issues           | Copper Media                     | Fibre Optic
Bandwidth Supported             | 10 Mbps – 10 Gbps                | 10 Mbps – 100 Gbps
Distance                        | Relatively short (1 – 100 meters) | Relatively high (1 – 100,000 meters)
Immunity To EMI And RFI         | Low                              | High (completely immune)
Immunity To Electrical Hazards  | Low                              | High (completely immune)
Media And Connector Costs       | Lowest                           | Highest
Installation Skills Required    | Lowest                           | Highest
Safety Precautions              | Lowest                           | Highest
Wireless Media
Properties of Wireless Media
Wireless does have some areas of concern including:
Coverage area
Interference
Security
Wireless Media
Types of Wireless Media
IEEE 802.11 standards
• Commonly referred to as Wi-Fi
• Uses CSMA/CA
• Variations include:
• 802.11a: 54 Mbps, 5 GHz
• 802.11b: 11 Mbps, 2.4 GHz
• 802.11g: 54 Mbps, 2.4 GHz
• 802.11n: 600 Mbps, 2.4 and 5 GHz
• 802.11ac: 1 Gbps, 5 GHz
• 802.11ad: 7 Gbps, 2.4 GHz, 5 GHz, and 60 GHz
IEEE 802.15 standard
• Supports speeds up to 3 Mb/s
• Provides device pairing over distances from 1 to 100 meters
IEEE 802.16 standard
• Provides speeds up to 1 Gbps
• Uses a point-to-multipoint topology to provide wireless broadband access
Components of a Network
Network Representations
Components of a Network
Topology Diagrams
Reliable Network
Supporting Network Architecture
As networks evolve, we are discovering that there are four basic characteristics that the underlying architectures need to address in order to meet user expectations:
Fault Tolerance
Scalability
Quality of Service (QoS)
Security
Configuring a Network Operating System
Cisco IOS
Operating Systems
All networking equipment is dependent on operating systems.
The operating system on home routers is usually called firmware.
Cisco IOS – Collection of network operating systems used on Cisco devices.
Cisco IOS
Operating Systems (cont.)
Cisco IOS
Purpose of OS
PC operating systems (Windows 8 and OS X) perform technical functions that enable:
Use of a mouse
View output
Enter text
Switch or router IOS provides options to:
Configure interfaces
Enable routing and switching functions
All networking devices come with a default IOS.
Possible to upgrade the IOS version or feature set.
In this course, the primary focus is Cisco IOS Release 15.x.
Cisco IOS
Location of the Cisco IOS
Cisco IOS stored in Flash
Non-volatile storage, not lost when power is lost
Can be changed or overwritten as needed
Can be used to store multiple versions of IOS
IOS copied from flash to volatile RAM
Quantity of flash and RAM memory determines IOS that can be used
Cisco IOS
IOS Functions
These are the major functions performed or enabled by Cisco routers and switches.
Accessing a Cisco IOS Device
Console Access Method
Most common methods to access the CLI:
Console
Telnet or SSH
AUX port
Accessing a Cisco IOS Device
Console Access Method
Console Port
Device is accessible even if no networking services have been configured (out-of-band)
Need a special console cable
Allows configuration commands to be entered
Should be configured with passwords to prevent unauthorized access
Device should be located in a secure room so the console port cannot be easily accessed
Accessing a Cisco IOS Device
Telnet, SSH, and AUX Access Methods
Telnet
Method for remotely accessing the CLI over a network
Requires active networking services and one active interface that is configured
Secure Shell (SSH)
Remote login similar to Telnet, but utilizes more security
Stronger password authentication
Uses encryption when transporting data
Aux Port
Out-of-band connection
Uses telephone line
Can be used like the console port
Accessing a Cisco IOS Device
Terminal Emulation Programs
Software available for connecting to a networking device:
PuTTY
Tera Term
SecureCRT
HyperTerminal
OS X Terminal
Navigating the IOS
Cisco IOS Modes of Operation
Navigating the IOS
Primary Modes
Navigating the IOS
Global Configuration Mode and Submodes
Navigating the IOS
Navigating Between IOS Modes
Navigating the IOS
Navigating Between IOS Modes (cont.)
The Command Structure
IOS Command Structure
Network Protocols and Communications
Function of Protocol in Network Communication
A protocol is a set of predetermined rules
All communication, whether face-to-face or over a network, is governed by predetermined rules called protocols.
These protocols are specific to the characteristics of the conversation.
The Rules
What is Communication?
The Rules
Establishing the Rules
An identified sender and receiver
Agreed upon method of communicating (face-to-face, telephone, letter, photograph)
Common language and grammar
Speed and timing of delivery
Confirmation or acknowledgment requirements
Function of Protocol in Network Communication
Describe Protocol suites and industry standards
A standard is a process or protocol that has been endorsed by the networking industry and ratified by a standards organization, such as the Institute of Electrical and Electronics Engineers (IEEE) or the Internet Engineering Task Force (IETF).
Protocols
Network Protocols
How the message is formatted or structured
The process by which networking devices share information about pathways with other networks
How and when error and system messages are passed between devices
The setup and termination of data transfer sessions
Protocols
Interaction of Protocols
Application Protocol – Hypertext Transfer Protocol (HTTP)
Transport Protocol – Transmission Control Protocol (TCP)
Internet Protocol – Internet Protocol (IP)
Network Access Protocols – Data link & physical layers
Protocol Suites
Protocol Suites and Industry Standards
Protocol Suites
Creation of Internet, Development of TCP/IP
The first packet switching network and predecessor to today’s Internet was the Advanced Research Projects Agency Network (ARPANET), which came to life in 1969 by connecting mainframe computers at four locations.
ARPANET was funded by the U.S. Department of Defense for use by universities and research laboratories. Bolt, Beranek and Newman (BBN) was the contractor that did much of the initial development of the ARPANET, including creating the first router known as an Interface Message Processor (IMP).
In 1973, Robert Kahn and Vinton Cerf began work on TCP to develop the next generation of the ARPANET. TCP was designed to replace ARPANET’s current Network Control Program (NCP).
In 1978, TCP was divided into two protocols: TCP and IP. Later, other protocols were added to the TCP/IP suite of protocols including Telnet, FTP, DNS, and many others.
Protocol Suites
TCP/IP Protocol Suite and Communication
Standards Organizations
Open Standards
The Internet Society (ISOC)
The Internet Architecture Board (IAB)
The Internet Engineering Task Force (IETF)
Institute of Electrical and Electronics Engineers (IEEE)
The International Organization for Standards (ISO)
Standards Organizations
ISOC, IAB, and IETF
Standards Organizations
ISO
OSI Model
Standards Organizations
Other Standards Organization
The Electronic Industries Alliance (EIA)
The Telecommunications Industry Association (TIA)
The International Telecommunications Union – Telecommunications Standardization Sector (ITU-T)
The Internet Corporation for Assigned Names and Numbers (ICANN)
The Internet Assigned Numbers Authority (IANA)
Reference Models
Benefits of Using a Layered Model
Reference Models
The OSI Reference Model
Reference Models
The TCP/IP Reference Model
Reference Models
Comparing the OSI and TCP/IP Models
Layers with TCP/IP and OSI Model
Explain protocol data units (PDU) and encapsulation
As application data is passed down the protocol stack on its way to be transmitted across the network media, various protocols add information to it at each level. This is commonly known as the encapsulation process.
The form that a piece of data takes at any layer is called a Protocol Data Unit (PDU). During encapsulation, each succeeding layer encapsulates the PDU that it receives from the layer above in accordance with the protocol being used.
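The encapsulation process described above, carried out in code as an added example (not from the slides): application data becomes a TCP segment, then an IPv4 packet with a real header checksum, then an Ethernet frame with an FCS, and decapsulation verifies each layer on the way back up. The addresses and ports are constructed, and leaving the TCP checksum at zero is a simplification of this example.

```python
import struct
import zlib

# Constructed sample addresses and ports for this example (not from the slides).
SRC_MAC, DST_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
SRC_IP, DST_IP = "192.0.2.10", "198.51.100.20"
SRC_PORT, DST_PORT = 40000, 80


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def encapsulate(data: bytes) -> dict:
    """Pass the data down the stack and return the PDU produced at each layer."""
    # Transport layer: 20-byte TCP header (no options) + data -> segment.
    # TCP checksum needs a pseudo-header, so it is left at zero here (simplification).
    tcp_header = struct.pack("!HHIIBBHHH", SRC_PORT, DST_PORT, 1, 0,
                             5 << 4, 0x18, 65535, 0, 0)
    segment = tcp_header + data
    # Network layer: 20-byte IPv4 header + segment -> packet, with a real checksum.
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                            64, 6, 0, ip_to_bytes(SRC_IP), ip_to_bytes(DST_IP))
    ip_header = ip_header[:10] + struct.pack("!H", ipv4_checksum(ip_header)) + ip_header[12:]
    packet = ip_header + segment
    # Data link layer: Ethernet II header + packet + FCS (CRC-32) -> frame.
    eth_header = mac_to_bytes(DST_MAC) + mac_to_bytes(SRC_MAC) + struct.pack("!H", 0x0800)
    fcs = struct.pack("<I", zlib.crc32(eth_header + packet) & 0xFFFFFFFF)
    frame = eth_header + packet + fcs
    return {"data": data, "segment": segment, "packet": packet, "frame": frame}


def decapsulate(frame: bytes) -> dict:
    """Reverse the process, checking each layer before handing its contents upward."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) != fcs:
        raise ValueError("FCS mismatch: frame discarded at the data link layer")
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 packet")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:    # a valid header checksums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {"ethertype": ethertype, "src_port": src_port, "dst_port": dst_port,
            "data": segment[data_offset:]}


if __name__ == "__main__":
    pdus = encapsulate(b"GET / HTTP/1.1\r\n")
    for name in ("data", "segment", "packet", "frame"):
        print(f"{name:8s} {len(pdus[name]):3d} bytes")
    print(decapsulate(pdus["frame"])["data"])
```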
The Application Layer
The Application layer provides the interface to the network.
The application layer prepares human communication to be transmitted over the data network.
The Presentation Layer
The Presentation layer has three primary functions:
Coding and conversion of Application layer data to ensure that data from the source device can be interpreted by the appropriate application on the destination device.
Compression of the data in a manner that can be decompressed by the destination device.
Encryption of the data for transmission and the decryption of data upon receipt by the destination.
The Session Layer
As the name of the Session layer implies, functions at this layer create and maintain dialogs between source and destination applications.
The Session layer handles the exchange of information to initiate dialogs, keep them active, and to restart sessions that are disrupted or idle for a long period of time.
The Transport Layer:
The transport layer prepares the application data for transport over the network and processes the network data for use by the application.
The Role of Transport Layer
The Transport layer provides for the segmentation of data and the control necessary to reassemble these pieces into the various communication streams. Its primary responsibilities to accomplish this are:
Tracking the individual communication between applications on the source and destination hosts
Segmenting data and managing each piece
Reassembling the segments into streams of application data
Identifying the different applications
Network Layer Protocols and Internet Protocol (IP)
The basic role of the Network Layer in data networks
The Network layer encapsulation allows its contents to be passed to the destination within a network or on another network with minimum overhead.
To accomplish this end-to-end transport, Layer 3 uses four basic processes:
• Addressing
• Encapsulation
• Routing
• Decapsulation
The Data Link Layer
The data link layer provides a means for exchanging data over a common local media.
Data Link Layer – Accessing the Media
Why are Data Link layer protocols required to control media access?
Data Link Layer – Accessing the Media
Describe the role the Data Link layer plays in linking the software and hardware layers
The Data Link layer exists as a connecting layer between the software processes of the layers above it and the Physical layer below it. As such, it prepares the Network layer packets for transmission across some form of media, be it copper, fiber, or the atmosphere.
Data Link Sublayers
To support a wide variety of network functions, the Data Link layer is often divided into two sublayers: an upper sublayer and a lower sublayer.
The upper sublayer defines the software processes that provide services to the Network layer protocols.
The lower sublayer defines the media access processes performed by the hardware.
The two common LAN sublayers are:
Logical Link Control
Logical Link Control (LLC) places information in the frame that identifies which Network layer protocol is being used for the frame. This information allows multiple Layer 3 protocols, such as IP and IPX, to utilize the same network interface and media.
Media Access Control
Media Access Control (MAC) provides Data Link layer addressing and delimiting of data according to the physical signaling requirements of the medium and the type of Data Link layer protocol in use.
Purpose of the Data Link Layer
Data Link Sublayers
[Figure: Data Link sublayers. Layers shown: Network; Data Link (LLC Sublayer, MAC Sublayer); Physical. Example standards shown: 802.3 Ethernet, 802.11 Wi-Fi, 802.15 Bluetooth.]
Physical Layer Protocols & Services
Purpose of the Physical Layer
The role of the OSI physical layer is to encode the binary digits that represent data link layer frames into signals and to transmit and receive these signals across the physical media—copper wires, optical fiber, and wireless—that connect network devices.
Purpose of Physical Layer
To prepare a data-link frame for the journey across the medium, the physical layer encodes the logical frame with patterns of data that will make it recognizable to the device that will pick it up on the other end of the medium. The device can be a router that will forward the frame or the destination device.
The delivery of frames across the local media requires the following physical layer elements:
■ The physical media and associated connectors
■ A representation of bits on the media
■ Encoding of data and control information
■ Transmitter and receiver circuitry on the network devices
After the signals traverse the medium, they are decoded to their original bit representations of data and given to the data link layer as a complete frame.
Keeping the Network Safe
Network Device Security Measures
Threats to Network Security
Categories of Threats to Network Security
Network Device Security Measures
Physical Security
Four classes of physical threats are:
Hardware threats – Physical damage to servers, routers, switches, cabling plant, and workstations
Environmental threats – Temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
Electrical threats – Voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss
Maintenance threats – Poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling
Network Device Security Measures
Types of Security Vulnerabilities
Types of Security Weaknesses:
Technological
Configuration
Security policy
Vulnerabilities - Technology
Vulnerabilities and Network Attacks
Viruses, Worms and Trojan Horses
Virus – Malicious software that is attached to another program to execute a particular unwanted function on a workstation.
Trojan horse – An entire application written to look like something else, when in fact it is an attack tool.
Worms – Worms are self-contained programs that attack a system and try to exploit a specific vulnerability in the target. The worm copies its program from the attacking host to the newly exploited system to begin the cycle again.
Vulnerabilities and Network Attacks
Reconnaissance Attacks
Vulnerabilities and Network Attacks
Access Attacks
Vulnerabilities and Network Attacks
Access Attacks (Cont.)
Vulnerabilities and Network Attacks
Denial of Service Attacks (DoS)
Mitigating Network Attacks
Backup, Upgrade, Update, and Patch
Keep current with the latest versions of antivirus software.
Install updated security patches.
Antivirus software can detect most viruses and many Trojan horse applications and prevent them from spreading in the network.
Mitigating Network Attacks
Authentication, Authorization, and Accounting
Authentication, Authorization, and Accounting (AAA, or “triple A”)
Authentication – Users and administrators must prove their identity.
Authentication can be established using username and password combinations, challenge and response questions, token cards, and other methods.
Authorization – Determines which resources the user can access and the operations that the user is allowed to perform.
Accounting – Records what the user accessed, the amount of time the resource is accessed, and any changes made.
Mitigating Network Attacks
Firewalls
A firewall resides between two or more networks. It controls traffic and helps prevent unauthorized access.
Methods used are:
Packet Filtering
Application Filtering
URL Filtering
Stateful Packet Inspection (SPI) – Incoming packets must be legitimate responses to requests from internal hosts.
Firewalls
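The packet-filtering and stateful packet inspection (SPI) methods listed above, combined in one small filter as an added example (not a Cisco implementation): outbound packets from inside hosts are checked against a port rule and recorded, and inbound packets are permitted only when they are replies to a recorded conversation. The inside prefix, the allowed ports and the sample packets are constructed for this example.

```python
from dataclasses import dataclass

# Constructed topology for this example: 10.0.0.0/24 is the inside network,
# the firewall has an "inside" and an "outside" interface.
INSIDE_PREFIX = "10.0.0."


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    iface: str            # interface the packet arrived on: "inside" or "outside"
    proto: str = "tcp"


class StatefulFirewall:
    """Packet filtering for outbound requests plus SPI for inbound replies."""

    def __init__(self, allowed_outbound_ports=(80, 443)):
        self.allowed_outbound_ports = set(allowed_outbound_ports)
        self.state = set()   # 5-tuples of conversations started by inside hosts

    @staticmethod
    def _is_inside(ip: str) -> bool:
        return ip.startswith(INSIDE_PREFIX)

    def filter(self, pkt: Packet) -> tuple:
        """Return ("permit" | "deny", reason) for one packet and update state."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        src_inside, dst_inside = self._is_inside(pkt.src_ip), self._is_inside(pkt.dst_ip)

        # Anti-spoofing: an inside source address never legitimately arrives from outside.
        if pkt.iface == "outside" and src_inside:
            return ("deny", "inside address arriving on the outside interface")

        # Outbound: plain packet filtering on the destination port; remember the request.
        if pkt.iface == "inside" and src_inside and not dst_inside:
            if pkt.dst_port in self.allowed_outbound_ports:
                self.state.add(key)
                return ("permit", "outbound request matches filter rule; state recorded")
            return ("deny", "outbound destination port not permitted")

        # Inbound: SPI, only a legitimate response to a request from an inside host passes.
        if pkt.iface == "outside" and dst_inside:
            if reverse in self.state:
                return ("permit", "reply to a request from an internal host")
            return ("deny", "unsolicited inbound packet")

        return ("deny", "no rule matched")


if __name__ == "__main__":
    fw = StatefulFirewall()
    for p in (Packet("10.0.0.5", 40000, "203.0.113.7", 443, "inside"),
              Packet("203.0.113.7", 443, "10.0.0.5", 40000, "outside"),
              Packet("198.51.100.9", 12345, "10.0.0.5", 22, "outside")):
        print(p, "->", fw.filter(p))
```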
Mitigating Network Attacks
Endpoint Security
Common endpoints are laptops, desktops, servers, smart phones, and tablets.
Employees must follow the company's documented security policies to secure their devices.
Policies often include the use of anti-virus software and host intrusion prevention.
Common Endpoint Devices
Securing Devices
Introduction to Securing Devices
Part of network security is securing devices, including end devices and intermediate devices.
Default usernames and passwords should be changed immediately.
Access to system resources should be restricted to only the individuals that are authorized to use those resources.
Any unnecessary services and applications should be turned off and uninstalled, when possible.
Update with security patches as they become available.
Securing Devices
Passwords
Weak and Strong Passwords
Securing Devices
Basic Security Practices
Encrypt passwords.
Require minimum length passwords.
Block brute force attacks.
Use Banner Message.
Set EXEC timeout.
Securing Devices
Securing Devices
Enable SSH
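The basic security practices listed above (encrypt passwords, minimum password length, brute-force blocking, banner, EXEC timeout) together with the Enable SSH step, checked automatically: an added example, not a Cisco or curriculum tool, that audits a `show running-config` excerpt and reports which practice each missing IOS command corresponds to. Both configuration samples are constructed, and the 8-character minimum is an assumed policy threshold.

```python
import re

MIN_PASSWORD_LENGTH = 8   # assumed policy threshold for this example

# Constructed sample running-config excerpt with the hardening steps missing.
WEAK_CONFIG = """\
hostname S1
enable password cisco
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input telnet
"""

# Constructed sample after applying the practices (hashes replaced by placeholders).
HARDENED_CONFIG = """\
hostname S1
service password-encryption
security passwords min-length 10
login block-for 120 attempts 3 within 60
enable secret 5 <hash-placeholder>
banner motd ^Authorized access only. Activity is monitored.^
ip domain-name example.net
ip ssh version 2
line con 0
 password 7 <placeholder>
 exec-timeout 5 0
 login
line vty 0 4
 exec-timeout 5 0
 login local
 transport input ssh
"""


def split_config(config: str):
    """Return (global commands, {line section name: [its indented commands]})."""
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        elif raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, sections


def audit(config: str) -> list:
    """Return the IDs of the basic security practices the config does not apply."""
    global_cmds, sections = split_config(config)

    def present(prefix):
        return any(cmd.startswith(prefix) for cmd in global_cmds)

    findings = []
    if not present("service password-encryption"):
        findings.append("PWD_ENCRYPT")       # encrypt passwords
    if not present("enable secret"):
        findings.append("ENABLE_SECRET")     # hashed enable secret, not enable password
    min_len = None
    for cmd in global_cmds:
        m = re.match(r"security passwords min-length (\d+)", cmd)
        if m:
            min_len = int(m.group(1))
    if min_len is None or min_len < MIN_PASSWORD_LENGTH:
        findings.append("MIN_LENGTH")        # require minimum length passwords
    if not present("login block-for"):
        findings.append("BRUTE_FORCE")       # block brute force attacks
    if not (present("banner motd") or present("banner login")):
        findings.append("BANNER")            # use banner message
    if not present("ip ssh version 2"):
        findings.append("SSH_V2")            # enable SSH (version 2)
    for name, cmds in sections.items():
        timeouts = [m for m in (re.match(r"exec-timeout (\d+)(?: (\d+))?", c) for c in cmds) if m]
        # "exec-timeout 0 0" disables the timeout, so it counts as missing.
        if not timeouts or all(int(m.group(1)) == 0 and int(m.group(2) or 0) == 0 for m in timeouts):
            findings.append(f"EXEC_TIMEOUT:{name}")   # set EXEC timeout on every line
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"SSH_ONLY:{name}")       # remote access via SSH only
    return findings


if __name__ == "__main__":
    print("weak:    ", audit(WEAK_CONFIG))
    print("hardened:", audit(HARDENED_CONFIG))
```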
11.3 Basic Network Performance